atomically_replaced_file: respect umask/sgid/etc. via tmpdir
Don't create the tempfile via mkstemp because it always creates files
with restricted permissions, which is not what we want for a new
packfile (for example). The replacement files should respect the
environment umask, directory sgid bits, etc.
Instead, create a normally open()ed file in a mkdtemp directory in the
same directory as the target path. Don't use TemporaryDirectory
because it's a @contextmanager (see below).
Add a missing '+' to the midx open mode. Without it mmap_readwrite's mmap
will fail with EACCES. This wasn't an issue with the previous
implementation because mkstemp doesn't accept a full mode string.
Also drop @contextmanager. Because it involves a generator,
@contextmanager creates managers that are incompatible with
ExitStack.pop_all() because they close during that call -- exactly
what pop_all() is intended to avoid.